How to configure the Linux kernel/net/netfilter
Howto configure the Linux kernel / net / netfilter ---- Core Netfilter Configuration **depends on NET && NETFILTER *'Option:' NETFILTER_NETLINK **Kernel Versions: 2.6.15.6 ... tristate Netfilter netlink interface help If this option is enabled, the kernel will include support for the new netfilter netlink interface. *'Option:' NETFILTER_NETLINK_QUEUE **Kernel Versions: 2.6.15.6 ... **(on/off/module) Netfilter NFQUEUE over NFNETLINK interface **depends on NETFILTER_NETLINK **: If this option isenabled, the kernel will include support for queueing packets via NFNETLINK. *'Option:' NETFILTER_NETLINK_LOG **Kernel Versions: 2.6.15.6 ... **(on/off/module) Netfilter LOG over NFNETLINK interface **depends on NETFILTER_NETLINK **: If this option is enabled, the kernel will include support for logging packets via NFNETLINK. **: This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms, and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules. *'Option:' NF_CONNTRACK **Kernel Versions: 2.6.15.6 ... **(on/off/module) Layer 3 Independent Connection tracking (EXPERIMENTAL) **depends on EXPERIMENTAL && IP_NF_CONNTRACK=n **default n **: Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections. **: Layer 3 independent connection tracking is experimental scheme which generalize ip_conntrack to support other layer 3 protocols. **: To compile it as a module, choose M here. If unsure, say N. *'Option:' NF_CT_ACCT **Kernel Versions: 2.6.15.6 ... **(on/off) Connection tracking flow accounting **depends on NF_CONNTRACK **: If this option is enabled, the connection tracking code will keep per-flow packet and byte counters. **: Those counters can be used for flow-based accounting or the `connbytes' match. **: If unsure, say `N'. *'Option:' NF_CONNTRACK_MARK **Kernel Versions: 2.6.15.6 ... **(on/off) 'Connection mark tracking support' **depends on NF_CONNTRACK **: This option enables support for connection marks, used by the `CONNMARK' target and `connmark' match. Similar to the mark value of packets, but this mark value is kept in the conntrack session instead of the individual packets. *'Option:' NF_CONNTRACK_EVENTS **Kernel Versions: 2.6.15.6 ... **(on/off) Connection tracking events (EXPERIMENTAL) **depends on EXPERIMENTAL && NF_CONNTRACK **: If this option is enabled, the connection tracking code will provide a notifier chain that can be used by other kernel code to get notified aboutchanges in the connection tracking state. **: If unsure, say `N'. *'Option:' NF_CT_PROTO_SCTP **Kernel Versions: 2.6.15.6 ... **(on/off/module) 'SCTP protocol on new connection tracking support (EXPERIMENTAL)' **depends on EXPERIMENTAL && NF_CONNTRACK **default n **: With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on SCTP connections. **: If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'. *'Option:' NF_CONNTRACK_FTP **Kernel Versions: 2.6.15.6 ... **(on/off/module) FTP support on new connection tracking (EXPERIMENTAL) **depends on EXPERIMENTAL && NF_CONNTRACK **: Tracking FTP connections is problematic: special helpers are required for tracking them, and doing masquerading and other forms of Network Address Translation on them. **: This is FTP support on Layer 3 independent connection tracking. Layer 3 independent connection tracking is experimental scheme which generalize ip_conntrack to support other layer 3 protocols. **: To compile it as a module, choose M here. If unsure, say N. Linux Kernel Configuration Category:Linux